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DETAILED ACTION 

1 . Applicant's submission for RCE filed on June 10, 2008 has been entered. Claims 
1-6, 8-15, 17-23, 25 and 26 are pending. Claim 26 is newly added by the applicant. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-6, 8, 10-15, 17-23 and 25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Smith et al (US Patent No. 7,136,873) in view of Schneier et al (US 
Patent No. 5,978475) in view of Chang et al (US Patent No. 6,584,459) and in view of 
Numao et al (US Patent NO. 6,647,388). 

As per claim 1 , Smith teaches: 

storing a plurality of electronic records in a common repository of electronic records in 
the database [Fig. 1, 34 component 16], creating a security protocol that protects the 
electronic records against unauthorized access [Fig. 34, component 1604]; creating a 
query designed to identify electronic records in the database that meet criteria 
designated in the query [Fig. 34, 27, col. 41 lines 1-11]; prior to executing the query, 
modifying the query in accordance with the security protocol (i.e. access policy) to 
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create a modified query [Fig. 34, col. 42 lines 1-5]; and running the modified query 
against the data [Fig. 34, col. 40 lines 57-61]. 

Smith teaches storing plurality of electronic records as shown in Fig. 34. Smith does not 
expressively mention that provides an audit trail that cannot be altered or disabled by 
users of the system. 

Schneier teaches storing a plurality of electronic records in a common repository of 
electronic records in the database that provides an audit trail that cannot be altered or 
disabled by users associated with the database [Fig. 3, col. 6 lines 41-64, col. 12 lines 
47-50]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Schneier with Smith, since one would have been 
motivated to generate a secure audit log [Schneier, col. 3 line 8]. 

Chang teaches each electronic record comprises unstructured data stored in a 
character large-object (CLOB) format in a column of a table of the database [Fig. 1, 3, 
col. 11 lines 61-67, col. 12 lines 1-19]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Chang with Smith and Schneier, since one would 
have been motivated to provide efficient database management system [Chang, col. 3 
lines 31-33]. 

Numao teaches: generating one or more security rules in response to input identifying 
one or more elements in the unstructured data (e.g. parameter which identifies subject, 
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object... etc.) as elements of the one or more security rules [Fig. 5, 6, 1, 2, col. 10 lines 
66-67, col. 11 lines 1-42], wherein the security policy (protocol) protects the 
unauthorized access based on the one or more security rules [Fig. 1 , 2]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Numao with Smith, Schneier and Chang, since one 
would have been motivated to provide a conditional response that is dependent on the 
establishment of a specific state [Numao, col. 2 lines 1-2, 15-21]. 

As per claim 2 , the rejection of claim 1 is incorporated and Numao teaches 
allowing a user to identify the one or more element in the unstructured data as indexed 
elements [Fig. 5, col. 10 lines 66-67, col. 11 lines 1-16]; and allowing a user to generate 
the one or more security rules based on the indexed elements [Fig. 5, col. 11 lines 20- 
24, Fig. 6]. 

As per claim 3 and 4 , the rejection of claim 1 is incorporated and Smith teaches 

access to electronic records in the common repository is automatically granted/denied 
unless the security protocol restricts/grants such access [Fig. 34, col. 42 lines 59-62]. 

Numao teaches: 

access to electronic records in the common repository is automatically granted/denied 
unless the security protocol restricts/grants such access and wherein the security 
protocol comprises a plurality of security rules that restricts access to the electronic 
records within the database [Figs. 1, 2, 4, 5]. 
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As per claim 5 , the rejection of claim 1 is incorporated and Smith teaches: 

the plurality of electronic records are generated from multiple data sources [Fig. 5]. 

As per claim 6 , the rejection of claim 5 is incorporated and Smith teaches a predefined 
mapping of the fields to multiple data sources [Fig. 5, col. 4 lines 53-55]. 

Chang teaches the fields of the electronic records are filled with XML data based on a 
predefined mapping to multiple data sources [col. 2 lines 18-28, Fig. 4]. 

As per claim 8 , the rejection of claim 1 is incorporated and Chang teaches the 
unstructured data comprises well-formed XML documents stored within the column of 
the table stored in the database [col. 13 lines 29-49]. 

As per claim 10 , it encompasses limitations that are similar to limitations of claim 1. 
Thus, it is rejected with the same rationale applied against claim 1 above. 

As per claim 11 . the rejection of claim 10 is incorporated and it encompasses limitations 
that are similar to limitations of claim 2. Thus, it is rejected with the same rationale 
applied against claim 2 above. 
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As per claim 12 and 13 , the rejection of claim 10 is incorporated and they encompass 
limitations that are similar to limitations of claims 3 and 4. Thus, it is rejected with the 
same rationale applied against claims 3 and 4 above. 

As per claim 14 , the rejection of claim 10 is incorporated and it encompasses limitations 
that are similar to limitations of claim 5. Thus, it is rejected with the same rationale 
applied against claim 5 above. 

As per claim 15 , the rejection of claim 14 is incorporated and it encompasses limitations 
that are similar to limitations of claim 6. Thus, it is rejected with the same rationale 
applied against claim 6 above. 

As per claim 17 , the rejection of claim 16 is incorporated and it encompasses limitations 
that are similar to limitations of claim 8. Thus, it is rejected with the same rationale 
applied against claim 8 above. 

As per claim 18 , it encompasses limitations that are similar to limitations of claim 1. 
Thus, it is rejected with the same rationale applied against claim 1 above. 



As per claim 19 , the rejection of claim 18 is incorporated and it encompasses limitations 
that are similar to limitations of claim 2. Thus, it is rejected with the same rationale 
applied against claim 2 above. 



Application/Control Number: 10/731,673 
Art Unit: 2135 



Page 7 



As per claim 20 and 21 . the rejection of claim 19 is incorporated and they encompass 
limitations that are similar to limitations of claims 3 and 4. Thus, it is rejected with the 
same rationale applied against claims 3 and 4 above. 

As per claim 22 . the rejection of claim 18 is incorporated and it encompasses limitations 
that are similar to limitations of claim 5. Thus, it is rejected with the same rationale 
applied against claim 5 above. 

As per claim 23 . the rejection of claim 18 is incorporated and it encompasses limitations 
that are similar to limitations of claim 6. Thus, it is rejected with the same rationale 
applied against claim 6 above. 

As per claim 25 . the rejection of claim 18 is incorporated and it encompasses limitations 
that are similar to limitations of claim 8. Thus, it is rejected with the same rationale 
applied against claim 8 above. 

3. Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Smith et 
al (US Patent No. 7,136,873) in view of Schneier et al (US Patent No. 5,978475) in view 
of Chang et al (US Patent No. 6,584,459) and in view of Numao et al (US Patent NO. 
6,647,388) and in view of Kahn (US Patent No. 7,185,192). 
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As per claim 9 , the rejection of claim 1 is incorporated and Kahn teaches: 

allowing a user to enable and disable the security protocol [col. 4 lines 43-67, col. 5 
lines 1-37, 44-49]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Kahn with Smith, Schneier, Chang and Numao, 
since one would have been motivated to provide robust access control mechanisms 
using a flexible authorization system [Kahn, col. 4 lines 20-22]. 

4. Claim 26 is rejected under 35 U.S.C. 103(a) as being unpatentable over Smith et 
al (US Patent No. 7,136,873) and in view of Numao et al (US Patent No. 6,647,388). 

As per claim 26 , Smith teaches: 

generating a security protocol based on the security rule [Fig. 34, component 1604]; 
receiving a query designed to identify documents stored in the database that meet 
criteria designated in the query [Fig. 34, 27, col. 41 lines 1-11]; prior to executing the 
query, modifying the query in accordance with the security protocol (i.e. access policy) 
to create a modified query [Fig. 34, col. 42 lines 1-5]; and generating information 
indicative of executing the modified query against the document [Fig. 34, col. 40 lines 
57-61]. 

Numao teaches: generating one or more security rules in response to input identifying 
an XML elements in at least one XML the document (e.g. parameter which identifies 
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subject, object... etc.) as security elements of a security rule [Fig. 5, 6, 1, 2, 3, col. 10 
lines 66-67, col. 11 lines 1-42], generating the security policy (protocol) based on the 
security rules [Fig. 1,2]. 

Therefore, it would have been obvious to a person of ordinary skill in the art at the time 
the invention was made to combine Numao with Smith, since one would have been 
motivated to provide a conditional response that is dependent on the establishment of a 
specific state [Numao, col. 2 lines 1-2, 15-21]. 

Response to Amendment 

5. Applicant has added new claim 26 which is rejected based on the cited prior art 
Smith et al and Numao et al. See rejection above. 

Regarding to applicant argument that "Numao does not include in response to 
input identifying one or more elements in unstructured data as elements of the one or 
more security rules", Examiner disagrees, since Numao teaches receiving/inputting an 
access request and parameter as shown in Fig. 1 or 2. The access request that 
employs as parameters, Subject, which is data used to identifying the subject by which 
the access request was submitted, Object, which is data used to identify an access 
target, and Operation, which is data used to identify an operation to be performed for 
the access target [e.g. query (use(Nihon Taroh/IBM/Japan), 
'http://admin.trl.eom//form/ /expense.xmr , read(html)))]. A rule that matches all the 
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parameters (Subject, Object and Operation) in the access request is searched for in the 
access control policy database. The policy rule format employed as parameters are 
Subject, Object (i.e. 'http://admin.trl.eom//form// expense.xmr ), Operation and 
Condition. Together these parameters constitute the rule [Fig. 6, col. 11 lines 1-42]. 
The name of the file (expense.xml) is an element in the document (document/data 
contains many attributes/elements, e.g. the name of file, type of file... etc.), which is 
used as an element of the security rule as discussed above. Therefore, it meets the 
claim limitation. From the examiner point of view the cited reference clearly teaches the 
claim limitation as above. The argued limitation "element in unstructured data as 
elements of the one or more security riles" must be clearly defined in the claimed 
language, if Applicant believes it differs from the cited one. Applicant is reminded that 
additional modification to clarify the claimed language is necessary for further 
consideration and distinction from the prior art. 



Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Kudoh et al (US Patent No. 7409390) - Access control system and methods 

Stakutis et al (US 7188127) -- Method, System and Program for processing a file 

request 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to NIRAV PATEL whose telephone number is (571)272- 
5936. The examiner can normally be reached on 8 am - 4:30 pm (M-F). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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